Cisco ASR 9000 series routers have solid support for NetFlow and can generate NetFlow for a large amount of traffic without any issues. But considering the amount of available port capacity on these routers, we suggest using sampling by default to avoid control plane CPU overload.
We suggest the following configuration for Cisco ASR 9000 series routers:
flow exporter-map FASTNETMON-EXPORTER
 version v9
  options interface-table timeout 60
  options sampler-table timeout 60
  template timeout 60
  template data timeout 60
  template options timeout 60
 !
 transport udp 2055
 source Loopback0
 destination 10.0.0.1
!
flow monitor-map SECOND-MAP
 record ipv4
 exporter FASTNETMON-EXPORTER
 cache entries 200000
 cache timeout active 30
 cache timeout inactive 30
!
sampler-map FIRST-SAMPLER
 random 1 out-of 1024
If you prefer IPFIX, you can replace “v9” with “ipfix” in this configuration. Also, replace “10.0.0.1” in this configuration with the address of the machine where you have FastNetMon.
Also, set the following option for all interfaces:
flow ipv4 monitor SECOND-MAP sampler FIRST-SAMPLER ingress
FastNetMon can detect the sampling rate from routers automatically in almost all cases. You can check the detected sampling rate per router this way:
sudo fcli show netflow_sampling_rates
Sampling rate may be detected incorrectly when multiple samplers are configured on the routers. This is a technical restriction; please avoid this configuration. FastNetMon can detect the sampling rate correctly when you only have a single sampler. As an alternative, in case you need multiple samplers, set them to the same sampling rate.
Also, you may check system counters to confirm that FastNetMon received and decoded sampling announcements from routers:
sudo fcli show system_counters | grep netflow9 | grep sampling
netflow9_custom_sampling_rate_received 8688
netflow9_sampling_rate_changes 1
If you see zero values, you should check that FastNetMon received NetFlow options packets (they carry all meta information about NetFlow exporters):
sudo fcli show system_counters | grep netflow9 | grep options
netflow9_options_templates_number 844
netflow9_options_packet_number 1448
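The two counter checks above can be combined into one diagnostic. This is an added example, not part of FastNetMon; the function name and status strings are hypothetical, it assumes each counter line is a name followed by a value as in the output shown on this page, and treating more than one sampling rate change as a sign of mismatched samplers is a heuristic assumption.

```shell
#!/bin/sh
# Classify NetFlow v9 sampling detection from "fcli show system_counters"
# output read on stdin. Live use (on the FastNetMon host):
#   sudo fcli show system_counters | diagnose_sampling
# Assumption: every line is "<counter_name> <value>".

diagnose_sampling() {
    awk '
        # Collect the four counters discussed on this page.
        $1 == "netflow9_custom_sampling_rate_received" { rate    = $2 }
        $1 == "netflow9_sampling_rate_changes"         { changes = $2 }
        $1 == "netflow9_options_templates_number"      { tmpl    = $2 }
        $1 == "netflow9_options_packet_number"         { pkts    = $2 }
        END {
            if (rate + 0 > 0) {
                # Heuristic (assumption): repeated rate changes suggest
                # several samplers announcing different rates.
                if (changes + 0 > 1) print "sampling-rate-flapping"
                else                 print "ok"
            } else if (pkts + 0 == 0) {
                # No options packets at all: check the exporter-map
                # "options ... timeout" lines and UDP reachability.
                print "no-options-packets"
            } else if (tmpl + 0 == 0) {
                print "no-options-templates"
            } else {
                # Options data arrives but carries no usable sampling rate:
                # candidate for the manual netflow_sampling_ratio fallback.
                print "options-seen-no-sampling-rate"
            }
        }'
}

# Sample input built from the counter values shown on this page.
SAMPLE='netflow9_custom_sampling_rate_received 8688
netflow9_sampling_rate_changes 1
netflow9_options_templates_number 844
netflow9_options_packet_number 1448'

printf '%s\n' "$SAMPLE" | diagnose_sampling
```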
As a fallback option, you can configure the sampling rate manually in FastNetMon in the following way:
sudo fcli set main netflow_sampling_ratio 1000
For the active and inactive timeouts specified above, we recommend using the following average calculation time value:
sudo fcli set main average_calculation_time 60
sudo fcli commit
If you notice an incorrect bandwidth calculation, we recommend using visual traffic for debugging purposes.
After this, please review the dashboard “Netflow v9 metrics” from the default dashboard list.
Occasionally, on high-traffic routers, we have observed that the router exports only a small fraction of all flows, and FastNetMon sees very low traffic. This may be caused by an internal rate limit on the number of flows exported per second. You can increase it using the following undocumented engineering command:
cache timeout rate-limit 4096
Use this command with caution. Increase the value incrementally; values up to 32,000 have been tested successfully.
If you plan to use NetFlow with ASN information, you will need to enable the following option in the BGP section:
bgp attribute-download

